Abstract
Finding an appropriate IT security strategy by implementing the right security safeguards is a challenging task. Many organizations try to address this problem by obtaining an IT security certificate from a recognized standards organization. However, in many cases the requirements of a standard are too extensive to be implemented, particularly by smaller organizations. But the knowledge contained in a security standard may still be used to improve security. Organizations that have an interest in security but not in a certificate face the challenge of utilizing this knowledge and selecting appropriate safeguards from the given standard. To solve this problem, a new robust optimization model to determine an optimal safeguard configuration is proposed. By incorporating multiple threat scenarios, the obtained solutions are robust against uncertain security threats.
Acknowledgements
This work was partially supported by the Horst Görtz Foundation.
Copyright information
© 2017 Springer International Publishing Switzerland
Cite this paper
Schilling, A. (2017). Robust Optimization of IT Security Safeguards Using Standard Security Data. In: Dörner, K., Ljubic, I., Pflug, G., Tragler, G. (eds) Operations Research Proceedings 2015. Operations Research Proceedings. Springer, Cham. https://doi.org/10.1007/978-3-319-42902-1_45
DOI: https://doi.org/10.1007/978-3-319-42902-1_45
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-42901-4
Online ISBN: 978-3-319-42902-1
eBook Packages: Business and Management (R0)